DETAILED ACTION
Response to Amendment 

The applicant has amended claims 8 and 21. Claims 8-14 and 21-29 are currently
pending.

Response to Arguments 
Applicant's arguments filed 9/26/2008 have been fully considered but they are not
persuasive for two reasons. First, the Examiner could find no support for the applicant's claim
amendment in the applicant's specification. Second, Amdur teaches the use of many different
types of authentication in paragraph 188 and the mentioned biometric data can be considered the
claimed second password.

Claim Rejections - 35 USC § 112 
The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

Claims 8 and 21 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply
with the written description requirement. The claim(s) contains subject matter which was not
described in the specification in such a way as to reasonably convey to one skilled in the relevant
art that the inventor(s), at the time the application was filed, had possession of the claimed
invention. Though the applicant's specification mentions passwords (page 6, lines 18-26; page 8,
lines 4-13; page 10, lines 6-16, the random numbers are not part of the alias identity as disclosed
here; page 10, lines 23-25; and page 15, line 28-page 16, line 4 which mentions biometrics), the
applicant's specification does not mention the alias identity information including a random
password and a random principal password as claimed.

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claims 8 and 21 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite
for failing to particularly point out and distinctly claim the subject matter which applicant
regards as the invention.

It is unclear how a random password and a random principal password are supposed to
differ.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

Claims 8-14 and 21-29 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S.
Patent Application Publication Number 2008/0134286 by AMDUR et al.

As to claim 8, Amdur teaches a method for policy and attribute based access to a
resource, comprising: receiving a session request for access to a resource, wherein the session
request is sent from a service and includes alias identity information for a principal (paragraph
94, the user's login name is considered the alias), wherein the alias identity information includes
a random password and a random principal password (paragraph 188 as explained in the
response to arguments section); mapping the alias identity information to identity information of
the principal (paragraphs 95-96); authenticating the identity information; acquiring a service
contract for the principal, the service, and the resource, wherein the service contract includes
selective resource access policies and attributes which are permissibly used by the service on
behalf of the principal (paragraphs 95-96); and establishing a session with the service, wherein
the session is controlled by the service contract (paragraphs 95-96).

As to claim 9, Amdur teaches the method of claim 8 further comprising accessing an
identity configuration for the principal in order to acquire the selective resource access policies 
and attributes included within the service contract (paragraph 96). 

As to claim 10, Amdur teaches the method of claim 8 further comprising denying access
attempts made by the service during the session when the access attempts are not included within 
the service contract (paragraphs 95-96). 

As to claim 11, Amdur teaches the method of claim 8 further comprising terminating the
session when an event is detected that indicates the service contract is compromised or has 
expired (paragraphs 198-199). 

As to claim 12, Amdur teaches the method of claim 8 further comprising establishing the
service contract with the principal prior to receiving the session request (paragraphs 95-96).

As to claim 13, Amdur teaches the method of claim 12 further comprising reusing the
service contract to establish one or more additional sessions with the service, wherein the one or
more additional sessions are associated with one or more additional session requests made by the
service (paragraphs 93-96).

As to claim 14, Amdur teaches the method of claim 12 wherein the establishing further 
includes establishing the service contract with the principal in response to a redirection operation 
performed by a proxy that intercepts a browser request issued from the principal to the service 
for purposes of accessing the resource (paragraph 88). 

As to claim 21, Amdur teaches a policy and attribute based resource session manager, 
residing in a computer-accessible medium, comprising instructions for establishing a session 
with a resource, the instructions when executed performing the method of: receiving alias 
identity information from a service, wherein the alias identity information is associated with a 
principal (paragraph 94, the user's login name is considered the alias), wherein the alias identity 
information includes a random password and a random principal password (paragraph 188 as 
explained in the response to arguments section); requesting a mapping of the alias identity 
information to principal identity information; requesting authenticating of the identity 
information (paragraphs 95-96); requesting a service contract for the principal, the service and a
resource, wherein the service contract includes selective resource access policies and attributes
derived from an identity configuration (paragraphs 95-96); and establishing a session with the
service and the resource, wherein the session is controlled by the service contract (paragraphs
95-96).

As to claim 22, Amdur teaches the policy and attribute based resource session manager of
claim 21 having instructions further comprising, permitting the service to indirectly access an
identity store which represents the resource, and wherein the identity store includes secure
information related to the principal (paragraphs 95-96).

As to claim 23, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising terminating the session when the service contract 
expires or is compromised (paragraphs 198-199). 

As to claim 24, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of the mapping further includes interacting with an alias 
translator (paragraphs 95-96). 

As to claim 25, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of authentication further includes interacting with an
identification authenticator (paragraphs 95-96). 

As to claim 26, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising managing the session by acting as an 
intermediary between the service and a legacy Lightweight Directory Access Protocol (LDAP) 
application which has access privileges to the resource (paragraphs 97-103). 

As to claim 27, Amdur teaches the policy and attribute based resource session manager of
claim 26, wherein the receiving further includes intercepting a session request that is issued from
the service for the legacy LDAP application, wherein the session request includes the alias
identity information (paragraphs 97-103).

As to claim 28, Amdur teaches the policy and attribute based resource session manager of
claim 27 having instructions further comprising managing the session with respect to the service
as if the policy based resource session manager were the legacy LDAP application (paragraphs
97-103).

As to claim 29, Amdur teaches the policy and attribute based resource session manager of 
claim 21 wherein the instructions for establishing the session further includes defining the 
selective resource access policies as at least one of a read operation and a write operation and 
defining the attributes as selective confidential data related to the principal, wherein the policies 
define operations that are permissible on the attributes, and wherein values for the attributes 
reside in the resource (paragraphs 95-96). 



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 

Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO
MONTHS of the mailing date of this final action and the advisory action is not mailed until after
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this
final action.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to DOUGLAS B. BLAIR whose telephone number is (571) 272-3893.
The examiner can normally be reached on 9:00am-5:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Andrew Caldwell, can be reached on (571) 272-3868. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Douglas B Blair/ 

Primary Examiner, Art Unit 2442 



